<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
<?php

echo "REMOTE_ADDR : " . $_SERVER['REMOTE_ADDR'];
echo "<br/>";
echo "HTTP_X_FORWARDED_FOR : " . $_SERVER['HTTP_X_FORWARDED_FOR'];
echo "<br/>";
?>



<pre style="font-size:130%;">
Whatever you do, make sure not to trust data sent from the client. $_SERVER['REMOTE_ADDR'] contains the real IP address of the connecting party. That is the most reliable value you can find.

However, they can be behind a proxy server in which case the proxy may have set the $_SERVER['HTTP_X_FORWARDED_FOR'], but this value is easily spoofed. For example, it can be set by someone without a proxy, or the IP can be an internal IP from the LAN behind the proxy.

This means that if you are going to save the $_SERVER['HTTP_X_FORWARDED_FOR'], make sure you also save the $_SERVER['REMOTE_ADDR'] value. E.g. by saving both values in different fields in your database.

If you are going to save the IP to a database as a string, make sure you have space for at least 45 characters. IPv6 is here to stay and those addresses are larger than the older IPv4 addresses.
</pre>
